Agenda is subject to change.

Wednesday, April 20, 2022
Opening Keynote 8:45 AM - 9:15 AM
General Session- Zero Trust: Rethinking Security Architecture

The Department of Defense’s adoption of Zero Trust security is based on three foundational guidelines: “Never trust, always verify; assume breach; and verify explicitly.”   No longer can security operations teams build a wall around networks and think everything inside is safe. Every system, server, endpoint, and the data that resides on them or moves within and outside of DoD networks must be secured. The classic perimeter/defense-in-depth cybersecurity strategy has limited value against well-resourced adversaries and is an ineffective approach to address insider threats. Zero Trust requires designing a simpler and more secure architecture without impeding operations or compromising security. The Defense Information Systems Agency (DISA) has released version 1.0 of the Zero Trust Reference Architecture, which sets out the strategic purpose, principles, associated standards and other technical details for the DoD’s large-scale adoption of Zero Trust.

In this General Session, DoD experts will offer insights on how Zero Trust will help create “a more secure, coordinated, seamless, transparent, and cost-effective IT architecture that transforms data into actionable information” and protects against persistent cyber threats.
 

9:15 AM - 10:15 AM
Networking Break 10:15 AM - 10:45 AM
Breakout Session: Ransomware: A National Security Threat

Ransomware has moved from being an economic nuisance to a national security and public health and safety threat. The availability of international cloud infrastructures provides cyber criminals around the world with scalable and standard environments that can be accessed from anywhere. Ransomware attacks have been launched against the nation’s critical infrastructure sectors such as oil pipelines and food and agriculture, as well as the operations of municipal government. Even DoD contractors have been the target of ransomware attacks. Moreover, hacker organizations now franchise their ransomware-as-a-service (RaaS) capabilities to attackers, providing the encryption tools, communications, and ransom collection process, all for a percentage of the ransom collected.

In this breakout session, leading defense cybersecurity experts will discuss how the DoD can work along with other federal agencies and industry partners to stop ransomware attacks, while keeping operations running.
 

10:45 AM - 11:45 AM
Breakout Session: Mitigating Supply Chain Risks

The SolarWinds breach put the spotlight on supply chain risks and security. Although the DoD was not breached, 37 defense industrial base companies were hit by the sweeping SolarWinds supply chain hack attributed to the Russian government. The DoD has been aware of counterfeit equipment and supply risks for decades. The development of DoD’s Cybersecurity Maturity Model Certification (CMMC) is a critical component for strengthening the security posture of contractors and federal agencies as the threat environment rapidly evolves.  However, security requirements and controls are so vast, they span across many areas in the IT and cybersecurity world.

In this breakout session, defense and government security experts will provide insights into best practices, solutions and technology that will strengthen supply chain defenses.
 

10:45 AM - 11:45 AM
Lunch 11:45 AM - 12:30 PM
Lunch Keynote 12:30 PM - 1:00 PM
Breakout Session: Defending Forward in Cyberspace

Cyber operations, cybersecurity, and information operations are increasingly important to the Joint Force as adversaries heavily invest in cyberspace operations and capabilities. The Defense Department does not only have to protect data, information systems, and networks from cyberattacks, but weapon systems, as well. The DoD’s U.S. Cyber Command has taken a comprehensive and proactive approach, known as Defend Forward. That involves the ability to respond to cyber and other threats before they reach the homeland. Defend Forward includes understanding what adversaries are trying to do and what the threat looks like before their attack. This requires working closely with allies and partners as well as teamwork between the NSA, other commands, the FBI, and Department of Homeland Security. DoD has the tools and expertise to conduct defensive and offensive cyber operations. 

In this breakout session, session DoD decision-makers and cyber experts will examine the policies, methods, and technology the DoD must put in place to not only keep pace with adversaries but stay a step or two ahead of them.
 

1:00 PM - 2:00 PM
Breakout Session: Driving Mission Across Multiclouds--Securely

The Joint Warfighter Cloud Capability (JWCC) means DoD now has a multi-cloud/multi-vendor strategy. Initiatives like JADC2 and Artificial Intelligence and Data Acceleration (ADA), the evolution of the cloud ecosystem within DoD, and changes in user requirements to leverage multiple cloud environments to execute mission have driven the DoD to this juncture. By using different cloud providers defense agencies can match the right workload with the right cloud platform based on their unique requirements for performance, data location, scalability, and compliance.  However, multicloud environments add more complexity to defense networks, expanding the attack surface hackers can target and exploit.  Visibility across all infrastructures, whether on -premises or in cloud environments, is critical for cyber defenses to be effective.

In this breakout session, defense information technology and security experts will examine the policies, processes and technology that defense agencies need to protect information in a multi-cloud environment.
 

1:00 PM - 2:00 PM
Networking Break 2:00 PM - 2:30 PM
General Session Panel: JADC2: Building a Secure and Resilient Data Infrastructure

U.S. Secretary of Defense Lloyd Austin has signed off on the Joint All Domain Command and Control (JADC2) strategy that aims to fast-track the use of artificial intelligence and data sharing on the battlefield.  The strategy defines how the military services will approach connecting sensors in the air, land, sea, space, and cyberspace and use a networked approach to operations. The military has started work on JADC2, testing new technologies and developing new concepts of operations to use them. The Air Force has taken the lead through the development of its Advanced Battle Management System (ABMS), a network of sensors and connected technologies intended to promote rapid data sharing among a plethora of weapon systems.  
But JADC2 is not an easy endeavor.  Sharing information across multiple security layers, harvesting data, and then turning it into accessible, discoverable, and transportable information will be an ongoing challenge. 

In this General Session, defense data, IT, and security experts will discuss how the military services are working together on an integrated data infrastructure that will allow them to move data back and forth quickly in a secure manner. 
 

2:30 PM - 3:30 PM
Closing Keynote 3:30 PM - 4:00 PM
Closing Reception 4:00 PM - 5:30 PM